I am trying to create application to manage sharepoint. I got some of WSDL files for my sharepoint site. while doing authorization. whether I have to pass Username(mailed) and passoword to get response from the sharepoint server. or whether I have encrypt my username or password while sending through WSDL Request?
Kindly help to resolve my issue.strong text
I tried through Java, SO i converted all WSDL files to Java Class. But the server give response like Password Not Match all the time. even if i send correct password
Related
What is IDAnywhere authentication? How can we use this authentication in Java to consume an API through its Url. The same url I can access now in browser with an username and password.
Example - www.abc.com/products/id - gives me a json data as a response in the browser.
I want to get this done using and Id Anywhere auth. Please help.
Can anyone share any open resource to understand IDAnywhere authentication in detail.
Thanks in Advance!
I'm trying to create RestApi first time. Looking for assistance after reading text present online.
My requirement is, I want to create an rest api which will be having username and password. Password will be in encrypted format. So when this api client will request to a web server, that password will be decrypted first on server side and then if the user name and password authenticates then it will send back a temporary token with expiry date. Then again that token will be used in rest api to request data from the web server in xml format.
How can we achieve this ?
And I also want to understand if we encrypt a password in client server then how its get decrypts on web server side. Is the same instance travels from client to web server side while making request ?
Second, The data which I'm trying to consume from web server are the email ids of users which registers on website. My question, If user is getting registered on website then website must be storing those email ids somewhere like in database right ? And my restApi will be accessing the code on web-server side which is responsible to get email ids from database in xml format. Is my understanding correct ?
First, don't concern yourself directly with encrypting details client-side and decrypting them server-side. If you are using TLS/HTTPS (which you should be) then all is well, everything is already encrypted.
The token generation is slightly more difficult but still easy enough. A commonly used and simple to implement method is to use JWT tokens. The general idea is that you create a JSON object like the following:
{ "userID": "FC5A47CC", "expiry": "12/10/2017" }
And then run it through an HMAC using a key only your server knows. You append the result of the HMAC to the JSON object using base64 encoding and then send this to your client after they have logged in.
Using this method, authentication is very fast, as your web server won't need to make any requests to your database server to determine if the token is valid. You can read more about JWT here. I've answered a similar question in more detail here.
As your question asks, these userIDs will obviously need to be stored in your database.
Seems like you want client app to consume resources on behalf of user. I propose OAuth 2.0, which provides mechanism, which you have described to access protected resources without storing passwords. Client app requests a username and password from the user (for example by using a login form) and then send that credentials to the server. Upon receipt and validation server returns token to the client. Client stores token locally and discards username and password. All subsequent request are authorized by token, which can be accomplished using a custom HTTP header, for example X-Auth-Token. Server can optionally provide a refresh token along with the access token, which is used by client to obtain new access token, once current expires. HTTPS/SSL technology is required by OAuth 2.0, so data over wire will be encrypted.
There are 4 roles defined by OAuth 2.0 :
1) Authorization Server — does identity verification and grants token to the client app.
2) Resource Server — Server which hosts actual protected user resource.
3) Resource Owner — User willing to provide access to his protected resource.
4) Client — application that gets access to a user’s resources.
You can use Spring Security OAuth framework to implement this requirement.
I'm reaching out for some help drawing out a solution and I want to make sure I'm doing it securely and properly.
I'm using the following as a resource, as well: https://crackstation.net/hashing-security.htm
The Task
Generate a token (aka authentication code)
Embed token in JSP and send token via URL GET/POST to a PHP server.*
PHP server makes a RESTful Web Service call to JSP server. The call passes the token.
JSP server receives token and uses it to authenticate the user and then returns requested data to PHP server. This is a continuation of the same RESTful Web Service.
You can see here that the JSP server will generate and decode the token. The question is how do I securely generate this token (aka authentication code)?
Do I need to use some kind of private key?
Or, can I apply a salt that includes, amongst other things, date and time, then store the salt and token in a database?
Thank you very much for any help.
UPDATE
*I want to flesh this part out to make it more clear what's happening. The user is logged into a JSP web application. One of the JSP pages introduces the PHP web application to the user. On this same JSP page, there is a link which opens up a PHP page that's located on a separate domain, a separate server (obviously, it's the PHP server). This PHP page is an HTTPS login page for the PHP web application. However, instead of entering a user name and password, the idea is to use a token to authenticate.
I have direct control of the JSP server, but I don't have direct control over the PHP server. Someone else controls it, but I can negotiate the handshake process with this person.
With all the above said, how can I securely pass the token from JSP to the PHP login page, since GET/POST apparently is not secure?
I've gone through many sites and found out webservice is the one way to send the values(username and password) securely from one server to the other server.
In my Php Application i've to send my username and password from php page (vehicle.php) to the java api page (someheader://someip:someport/track/Track?page=map.fleet). That Api should accept the username and password ,verify them and login.
My problem is i dont know how to send a request with username and password to this Java Api from php page through webservice. Please help me guys.
Thanks,
SJ
This tutorial should point you in the right direction.
Don't forget to hash your passwords before sending them around.
You said you don't know how to send to send request to web service. First test those services using tools like storm, SOAPUI. Here you will get an idea of what inputs are to be passed and what's output. The least you should know what's the format (XML) of request.
I'm trying to generate a web service client with the eclipse Web Service Client wizard. However, the wsdl needs http authentication, and haven't found a way to enter the authentication information.
Open the wsdl in a browser and enter the login information when prompted. Once the wsdl opens save it to a file on your hard drive. Use the file with eclipse to generate your code. Then you may have to replace the endpoint value in the java code created because it will contain the location of the file instead of the deployed wsdl. I've had to do it this way a couple of times to get around the authentication piece.